Heap-Based Buffer Overflow Vulnerability in ComponentOne ActiveX Controls
CVE-2008-4827

Currently unrated

Key Information:

Vendor

SAP
Status
Tabone
SAP Gui
Tsc2 Help Desk
Sizerone
Vendor
CVE Published:
8 January 2009

What is CVE-2008-4827?

Multiple heap-based buffer overflow vulnerabilities exist within the AddTab method in the Tab and CTab ActiveX controls in c1sizer.ocx, as well as the TabOne ActiveX control in sizerone.ocx. These flaws enable attackers to exploit the controls by adding an excessive number of tabs or using long tab captions, leading to potential execution of arbitrary code remotely. This issue affects users of various products utilizing affected ActiveX controls, raising serious security concerns when not mitigated.

References

http://www.securityfocus.com/archive/1/499830/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2009/0037
vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0036
vdb-entryx_refsource_VUPEN

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.